In 2025, banks’ anti-fraud systems received one of the largest upgrades of the last ten years. Customers will rarely ever hear anything about it. However, the difference will be evident as friction that has largely dissipated.
Older generations of fraud alert systems relied upon the use of rules. Any purchases made beyond a card holder’s regular zip code; transactions above certain thresholds; charges placed in countries that card holders have never visited; etc., all created flags. These systems were noisy because they had to be. Rules cannot replicate how a real person goes shopping and therefore any non-standard movement had the potential to create a phone call. More critically, sophisticated criminals developed knowledge of the rules. By using amounts slightly below the established thresholds; spoofing the location of their IP address to appear as if they were accessing their account from the card holder’s hometown; mimicking the timing of the card holder’s typical activities - the rule-based systems could be easily bypassed by anyone who understood how they functioned.
What replaced them isn’t a smarter rule. It’s a model of you.
Modern anti-fraud systems build a statistical fingerprint of how each card holder traditionally navigates through the world. While fraud detection systems will determine where you shop - they also determine how frequently you access your account information; how long you remain on the merchant’s checkout pages; what time of day you typically request contactless payments via your mobile phone; and, how you swipe your fingers on your bank’s mobile application. Together Hundreds of small data points create a probability score that continually evolves with each interaction with the card holder.
During a transaction, instead of asking “do I have a matching rule?”, fraud detection systems will inquire “what is the likelihood that this is this person doing this?” Even though a coffee purchased at your customary cafe may trigger a positive score based solely on the fact that you are purchasing a product at a previously unknown merchant - a single “small” transaction initiated from a device that you have never used at 3am will receive a lower score - even though neither singular event individually would have caused an old rule-based system to issue an alert. Fraud teams will not view each transaction as a definitive yes/no situation. Instead, they will review a numerical value representing the tail-end portion of a distribution curve.
This is known technically as behavioral biometrics. The heritage of this technology did not originate from banking - it originated from the field of online gaming and adversarial-systems engineering, which faced similar challenges (I.e. Distinguishing between legitimate human users and automated scripts) and needed solutions to those problems for many years prior to the financial services sector becoming aware of this type of solution. Teams responsible for developing fraud detection algorithms found ways to apply mathematical models that were applicable years earlier than the banking community required such solutions due to differences in the types of costs associated with failed detections.
Several factors contributed to changes in the way that consumers experience their fraud alerts:
The primary takeaway here is that you are being modeled more so than you were previously - however, most of the time this results in working in your favor. Banks essentially traded off friction for legitimate users against gathering additional behavioral data per session. Many privacy conscious customers do not appreciate this tradeoff; however, given the mathematics behind detection it is difficult to dispute.
To increase effectiveness for you specifically, consistency is key. Utilize the same device to access your bank applications. Clear cookies minimally. Allow your bank to observe that you consistently check your balances on tuesdays at 8 am. As more consistent evidence accumulates, the accuracy of the model increases; thus allowing for faster identification of fraudulent transactions and subsequently reducing unnecessary disruptions. Engineers who successfully implemented these approaches on behalf of millions of users have advocated this point for many years: “the more accurately a system can develop a profile of a real user, the more difficult it becomes for an imposter to gain unauthorized access.”
The reduced friction you no longer perceive wasn’t accidental. It resulted from a multi-billion-dollar engineering effort that eventually addressed issues related to fraud that gaming and security researchers had already been solving for ten years. The next time your bank doesn’t call about a charge that would have triggered a phone call in 2022, that’s the upgrade in action.
